REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

Transcription

1 REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

2 The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network must be able to meet those demands. To best utilize the new capabilities of a Software Defined Data Centre while providing maximum transparency and performance, the underlying physical network must scale linearly and programmatically interface in a seamless manner with new network virtualization capabilities with very little contention and minimal end-to-end latency. IGX Global and the integrated solutions of NSX by VMware, Palo Alto Networks and Arista Networks support business initiatives through increased automation and overcoming challenges associated with the tie between virtual resources and Physical Network and Security components. HIGHLIGHTS IGX Global is able to seamlessly integrate the vendor technologies of NSX by VMware, Palo Alto Networks and Arista Networks solutions and unlock the full potential of the software-defined data centre, allowing organizations to: Automate delivery of next-generation security services Centrally manage and program all aspects of the network across both virtual and hardware components Fully utilize a high performance networking solution coupled with lower Opex and Capex costs and maximum return on investment NSX AND PALO ALTO NETWORKS COMBINED SOLUTION One of the key barriers to achieving the true promise of a secure, agile, extensible, and flexible private cloud is the inability to deploy security services at the same pace as virtual machine deployments without compromising the level of protection needed. VMware and Palo Alto Networks have partnered to address these challenges. Using the NSX platform extensible service insertion and chaining capabilities, Palo Alto Networks builds on VMware s native kernelbased firewall capabilities to add next-generation security services. Palo Alto Networks offers a unique and modern approach to threat prevention that begins by proactively reducing the vulnerability of the network, then fully inspecting all allowed traffic for threats. The Palo Alto Networks Zero Trust model advocates stripping away all previous assumptions about trust in the network, and not trusting users, packets, interfaces or the network. NSX from VMware is a complete multi-hypervisor, multicloud management network virtualization platform. Inserting other vendors services such as those of integrated software and hardware partners is applicable without compromising any aspect of the platform s capabilities. The consolidated solution provides an integrated data centre design that allows organizations to unlock all the benefits of the software defined data centre, from optimized capacity utilization and operational efficiencies to greater flexibility and agility without compromising security. 2

3 Figure 1. Components of the NSX platform COMBINED ARISTA EOS AND VMware NSX SOLUTION VMware and Arista Networks have aligned their visions for network virtualization to realize the full potential of the Software Defined Data Centre. VMware NSX works with any existing IP network, but the right coupling between NSX and Arista Networks delivers optimal data centre benefits. The combined Arista and VMware solution is based on Arista s data centre class 10/40/100 GbE networking portfolio with Arista EOS and VMware NSX Virtual Networking and Security platform. The VMware NSX and Arista EOS combined solution offers the following benefits to deploying network virtualization within data centres built on the foundation of Arista's Software Defined Cloud Networking: Virtual and physical workloads can be connected on a common logical segment on-demand regardless of hypervisor, IP subnet or physical location Holistic views of the virtual and physical topology increase operational efficiency Network virtualization with NSX does not require IP multicast for learning or forwarding broadcast, unknown unicast or multicast packets A single point of management and control via NSX APIs and EOS APIs to configure the logical networks across hypervisors and the physical network fabric. 3

4 PALO ALTO NETWORKS AND ARISTA NETWORKS ALIGNMENT Palo Alto Networks and Arista Networks have partnered to offer the highest performance nextgeneration firewall implementation in the industry. By leveraging the extensibility built into every Arista Extensible Operating System (EOS), the Arista DirectFlow, and the unique deployment options offered by the Palo Alto Networks virtual-wire mode, we are able to deliver scale while ensuring flow symmetry. The Palo Alto Networks and Arista Networks solution focuses on delivering investment protection by horizontally scaling firewall performance to add capacity while maintaining sessions. Aside from firewall scaling, this concept can easily be applied to many other types of devices, for example IDS/IPS devices, proxies, antivirus pods, DDoS mitigation devices, WAN Optimizers. ARISTA DirectFlow Arista Networks DirectFlow technology allows for linkaggregation of up to Gigabit Ethernet connections. This creates a single logical interface of up to 320 Gbps across two chassis in an Active/Active topology, with no blocked paths. The technology will automatically balance traffic between the different links in the aggregated bundle. If any link or system is taken off-line, traffic will be automatically rebalanced among the remaining links, providing full HA functionality. PALO ALTO VIRTUAL WIRE TECHNOLOGY Palo Alto Networks unique Virtual-Wire technology can transparently perform line-rate next generation firewall protection, without requiring configuration changes to the data centre switches. SCALABLE THROUGHPUT Combining the Arista DirectFlow and Palo Alto Networks Virtual-Wire technologies enables the Palo Alto Networks firewalls to inspect each link in the Arista Networks DirectFlow with minimal complexity and allows the firewall to scale as the data centre bandwidth requirements increase. ARISTA EOS Arista EOS (Extensible Operating System) is designed to provide a foundation for the business needs of nextgeneration data centres and cloud networks. It is also programmatic across all layers Linux kernel, hardware forwarding tables, Virtual Machine orchestration, switch configuration, provisioning automation and detailed monitoring of the network. By leveraging the programmability of Arista Extensible Operating System (EOS) with the advanced security capabilities of a Palo Alto Networks next-generation firewall, Arista DirectFlow Assist enables a scale-out architecture where the switch can offload traffic from the firewall. Figure 2. Arista Networks & NSX symmetric Scale configuration showing a 100 Gbps solution 4

5 IGX GLOBAL IGX Global has been providing technology sales, professional services and managed security services among leading vendors in information network and security for over a decade. Our consultants are experts in their field and can ensure seamless integration between physical and virtual resources and processes. Our team has multiple vendor accreditations to ensure that your environment is treated as an entire system rather than a collection of disparate parts. IGX Global has extensive experience in complete project life cycle management, from establishing requirements through delivery and into ongoing support. We focus on a combination of knowledge transfer, training and solution testing to support adoption of new technologies. We work with our clients to reduce operational cost of adoption and risk. NSX is at the centre of the architecture discussed in this whitepaper. Our team trained at VMware HQ in Ireland and has undertaken projects for VMware Professional Service delivering for a number of large global blue chip clients. IGX Global is uniquely positioned to ensure the best experience for your organization when embracing Software Defined Data centre technologies; we have practical experience of the various multicast considerations, Zero trust models, best practices and all manner of NSX nuances. MSSP OFFERING FROM IGX GLOBAL: Cloud based real time log correlation and alerting platform (security incident and event monitoring and management (SIEM)) Detect threats and breaches + meet compliance needs Early breach discovery through real time analytics, event cross-correlation Correlation, situational and contextual awareness - experienced SOC Analysts Emphasis on technical competence, responsiveness, and flexibility as differentiators + Portal, SLA Adherence, report generation Comprehensive suite of offerings and core competencies System Upgrades / Patches As industry veterans, IGX Global professional services enable customers to draw from a rich pool of seasoned network and security experts as and when they need it. 5

6 Palo Alto Networks is the leading next-generation network security company. Its innovative platform allows enterprises, service providers, and government entities to secure their networks by safely enabling the increasingly complex and rapidly growing number of applications running on their networks and by providing prevention against cyber threats. Arista Networks was founded to deliver Cloud Networking Solutions for large data centre and computing environment. Arista s award-winning best-of-breed 10, 40 and 100 Gigabit Ethernet switches redefine scalability, robustness, and priceperformance. At the core of Arista s platform is EOS, a groundbreaking software architecture. VMware is the industry-leading virtualization software company. NSX is VMware s leading network virtualization platform that delivers the operational model of a virtual machine for the network. Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independent of underlying hardware. IGX Global is the premium network and security integrator with four global locations across the United Kingdom and the USA, providing a complete lifecycle of security and network infrastructure services. IGX Global offers IT procurement and asset management, integration and remote services that scale across the SBM market to enterprise and service provider organisations. From cloud MSSP services, to managed integration services and data compliance, IGX Global offers international reach to any size company. 6

Unlock the full potential of data centre virtualisation with micro-segmentation Making software-defined security (SDS) work for your data centre Contents 1 Making software-defined security (SDS) work for

Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere

Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined

Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the

ARISTA WHITE PAPER Cloudifying Data Center Monitoring The shift in the approach to networking driven by the emergence of cloud networks, rapidly evolving merchant silicon system on chip (SoC) and purpose

Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions In This Paper Frequently, the network is the stumbling point to cloud adoption SDN offers a more dynamic, virtualized

Blue Planet Introduction Cyan Blue Planet is the first Software- Defined Network (SDN) and Network Function Virtualization (NFV) platform purpose- built for service providers and the wide area network.

VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

Blue Planet Introduction Cyan Blue Planet is the first purpose-built Software-Defined Network (SDN) platform designed for service providers to simplify the development, deployment, and orchestration of

Business Case for Open Data Center Architecture in Enterprise Private Cloud Executive Summary Enterprise IT organizations that align themselves with their enterprise s overall goals help the organization

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION At many enterprises today, end users are demanding a powerful yet easy-to-use Private

Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation

Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center A NEW NETWORK PARADIGM What do the following trends have in common? Virtualization Real-time applications

Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

How the Software-Defined Data Center Is Transforming End User Computing The Essentials Series sponsored by David Davis SDDC Powered Virtual Desktops and Applications... 1 Three Pillars of SDDC and Desktop/Application

Business Case for BTI Intelligent Cloud Connect for Content, Co-lo and Network Providers s Executive Summary Cloud computing, video streaming, and social media are contributing to a dramatic rise in metro

Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect

Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation

Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

Cloud-Based Services: Assure Performance, Availability, and Security What You Will Learn Services available from the cloud offer cost and efficiency benefits to businesses, but until now many customers

The Promise and the Reality of a Software Defined Data Center Authored by Sponsored by Introduction The traditional IT operational model is highly manual and very hardware centric. As a result, IT infrastructure

ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different

Overview: Virtualization takes IT by storm The adoption of virtualization in datacenters creates the need for a new class of networks designed to support elasticity of resource allocation, increasingly

Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech

Branches as Nimble as the Cloud: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY The principles of cloud computing are transforming the delivery of information services

Making the hybrid world work for you: Redefining IT operations Frank Casey Group Director, Data Center Solutions & Managed Services accelerate your ambition We re a USD 6.7 billion business with a remarkable

The Role of Virtual Routers In Carrier Networks Sterling d Perrin Senior Analyst, Heavy Reading Agenda Definitions of SDN and NFV Benefits of SDN and NFV Challenges and Inhibitors Some Use Cases Some Industry

FROM A RIGID ECOSYSTEM TO A LOGICAL AND FLEXIBLE ENTITY: THE SOFTWARE- DEFINED DATA CENTRE The demand for cloud infrastructure is rapidly increasing, the world of information is becoming application and